[wp-trac] Re: [WordPress Trac] #5565: Plugin can hook into any
functions or variables inside WP
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 2 02:43:24 GMT 2008
#5565: Plugin can hook into any functions or variables inside WP
-------------------------+--------------------------------------------------
Reporter: keithdsouza | Owner: anonymous
Type: defect | Status: closed
Priority: low | Milestone:
Component: Security | Version:
Severity: normal | Resolution: invalid
Keywords: |
-------------------------+--------------------------------------------------
Changes (by darkdragon):

 * status: new => closed
 * resolution: => invalid
 * milestone: 2.5 =>

Comment:

 Indeed that has been possible, but the plugin would have to be first
 enabled by the user. However, from your previous tickets, you have stated
 that a user might be able to inject plugin code which would disrupt the
 plugin process.

 There is no PHP 4 compatible solution that can solve this, however. It is
 up to the user to make sure that the plugin they are downloading and
 upgrading is "safe" and up to the community to point out any plugins that
 aren't.

 WordPress can't protect users from themselves, and any hacking attempt that
 gets this far would need to have the hole that allowed the hacker to
 initiate code such as this.

 This ticket, as it stands, has no solution, or not one that doesn't require
 forcing PHP5 to use private/protected class members or writing the plugin
 API as an extension.

--
Ticket URL: <http://trac.wordpress.org/ticket/5565#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software